janvdmeij Absent Member.
Absent Member.
806 views

Web service timeout with Advanced Authentication

Hello all,

When using NAM to authenticate to Vibe or GroupWise the timeout for a re-login is acceptable. But when integrated with Advanced Authentication (2factor, with the Advanced Authentication app) the timeout even when busy is very very short. Less then 5 minutes. After the timeout it is NAM that reports that I don't have the rights to view the desired URL.

Does anyone know how to adjust this timeout?

Jan
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Web service timeout with Advanced Authentication

On 03-01-2019 9:04 PM, janvdmeij wrote:
>
> Hello all,
>
> When using NAM to authenticate to Vibe or GroupWise the timeout for a
> re-login is acceptable. But when integrated with Advanced Authentication
> (2factor, with the Advanced Authentication app) the timeout even when
> busy is very very short. Less then 5 minutes. After the timeout it is
> NAM that reports that I don't have the rights to view the desired URL.
>
> Does anyone know how to adjust this timeout?


I'm confused. If the NAM session times out it should just trigger a re-authentication. Can you provide a screenshot of the error perhaps?


--
Cheers,
Edward
0 Likes
janvdmeij Absent Member.
Absent Member.

Re: Web service timeout with Advanced Authentication

edmaa;2493200 wrote:
On 03-01-2019 9:04 PM, janvdmeij wrote:
>
> Hello all,
>
> When using NAM to authenticate to Vibe or GroupWise the timeout for a
> re-login is acceptable. But when integrated with Advanced Authentication
> (2factor, with the Advanced Authentication app) the timeout even when
> busy is very very short. Less then 5 minutes. After the timeout it is
> NAM that reports that I don't have the rights to view the desired URL.
>
> Does anyone know how to adjust this timeout?


I'm confused. If the NAM session times out it should just trigger a re-authentication. Can you provide a screenshot of the error perhaps?


--
Cheers,
Edward


Hello Ed,

Here is the screenshot (Dutch)

0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Web service timeout with Advanced Authentication

On 07-01-2019 8:04 PM, janvdmeij wrote:
>


> Hello Ed,
>
> Here is the screenshot (Dutch)
>
> [image: https://www.meerdaneen.nl/Screenshot_20190107_094859.png]
>
>


Glad i can still read Dutch. Its a weird error though. I'd check the error_log from apache (set logging at info in the advanced conf options) and see
what is happening there (or post it here though it'll contain internal IPs you might not want to share). Something tells me something isn't quite
right. I have a gut feel apache fails to communicate with the backend server properly (perhaps due to a TCP session timeout?)



--
Cheers,
Edward
0 Likes
janvdmeij Absent Member.
Absent Member.

Re: Web service timeout with Advanced Authentication

This is what the apache logs of NAM say:

Jan 8 14:36:20 xxxxx httpd[25306]: [novell_ag:crit] [pid 25306:tid 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B: AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69: AMEVENTID#233499: reason for session assurance mismatch is
Jan 8 14:36:20 fs-amap httpd[25306]: [novell_ag:crit] [pid 25306:tid 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B: AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69: AMEVENTID#233499: IDC mismatch:received Idc cookie is expired

Under security > Advanced Session Assurance > Identity Server / Access Gateways I have set a longer interval now. Hope this will do it. Will let you know.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Web service timeout with Advanced Authentication

On 09-01-2019 12:54 AM, janvdmeij wrote:
>
> This is what the apache logs of NAM say:
>
> Jan 8 14:36:20 xxxxx httpd[25306]: [novell_ag:crit] [pid 25306:tid
> 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B:
> AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69:
> AMEVENTID#233499: reason for session assurance mismatch is
> Jan 8 14:36:20 fs-amap httpd[25306]: [novell_ag:crit] [pid 25306:tid
> 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B:
> AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69:
> AMEVENTID#233499: IDC mismatch:received Idc cookie is expired
>
> Under security > Advanced Session Assurance > Identity Server / Access
> Gateways I have set a longer interval now. Hope this will do it. Will
> let you know.


If increasing the timeout doesn't fix it, disable it. It wouldn't be the first time session assurance causes some unexpected issues.


--
Cheers,
Edward
0 Likes
ScorpionSting Absent Member.
Absent Member.

Re: Web service timeout with Advanced Authentication

edmaa;2493312 wrote:
On 09-01-2019 12:54 AM, janvdmeij wrote:
>
> This is what the apache logs of NAM say:
>
> Jan 8 14:36:20 xxxxx httpd[25306]: [novell_ag:crit] [pid 25306:tid
> 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B:
> AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69:
> AMEVENTID#233499: reason for session assurance mismatch is
> Jan 8 14:36:20 fs-amap httpd[25306]: [novell_ag:crit] [pid 25306:tid
> 140489494906624] AM#104600404 AMDEVICEID#ag-695C76DDC80EE84B:
> AMAUTHID#b8d58ae3fcc8990c2108a8c9cb716e2f5818f3911ff0cb59a1b2f5402d4f1e69:
> AMEVENTID#233499: IDC mismatch:received Idc cookie is expired
>
> Under security > Advanced Session Assurance > Identity Server / Access
> Gateways I have set a longer interval now. Hope this will do it. Will
> let you know.


If increasing the timeout doesn't fix it, disable it. It wouldn't be the first time session assurance causes some unexpected issues.


--
Cheers,
Edward




Hmmm.....this sounds similar to that issue I reported on here last year with having to re-auth on backend "failure"....might try setting that variable as well.

Visit my Website for links to Cool Solution articles.
0 Likes
janvdmeij Absent Member.
Absent Member.

Re: Web service timeout with Advanced Authentication

ScorpionSting;2493346 wrote:
Hmmm.....this sounds similar to that issue I reported on here last year with having to re-auth on backend "failure"....might try setting that variable as well.


For me it works with that setting! Now my session is expiring at a normal interval.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.